Hi Hannes,
thanks for supporting it, I agree the audience concept is not tied to
the PoP work
Cheers, Sergey
On 20/01/16 14:27, Hannes Tschofenig wrote:
Hi Sergey,
that's a good question. After this document was published the
functionality had been integrated into the PoP solution document.
Recently, I got feedback that the functionality should be more generic
and it is independent of the PoP work.
So, I guess it is a good time to discuss the needed functionality and
where it should be included.
Ciao
Hannes
On 01/20/2016 11:25 AM, Sergey Beryozkin wrote:
Hi
Given that the draft-tschofenig-oauth-audience [1] has expired, I'm
wondering if it is still relevant.
I know the token introspection response can provide the audience
value(s), but the question is really how a client is associated with a a
given audience in the first place. As such [1] may still make sense, for
example, I can think of two options:
1. the client audiences are set out of band during the client
registration time and all the tokens issued to that client will be
restricted accordingly
2. the client is requesting a specific audience during the grant to
token exchange as per [1]
I guess 1. is how it is done in practice or is 2. is also a valid option ?
Thanks, Sergey
[1] https://tools.ietf.org/html/draft-tschofenig-oauth-audience-00
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
